[HN Gopher] JavaScript modifying cut and paste can sometimes be ...
___________________________________________________________________
JavaScript modifying cut and paste can sometimes be a good thing in
browsers
Author : ingve
Score : 27 points
Date : 2023-06-18 15:19 UTC (7 hours ago)
(HTM) web link (utcc.utoronto.ca)
(TXT) w3m dump (utcc.utoronto.ca)
| NoZebra120vClip wrote:
| At work, I frequently modify specific URLs in a specific way. I
| sincerely wish that the process could be automated.
| cookie_monsta wrote:
| Sounds like the sort of thing a userscript could probably
| handle
| crtasm wrote:
| Would they let you install a userscript? Wouldn't be difficult
| to make one that adds a link on the page pointing to the
| modified URL.
|
| https://en.wikipedia.org/wiki/Userscript
| NoZebra120vClip wrote:
| No; we generally have limited access to Chrome extensions.
| Only those which are approved by the company are permitted.
| Arbitrary userscripts wouldn't be possible in that framework.
| ThrustVectoring wrote:
| This is a textbook use case for a Vim macro.
| NoZebra120vClip wrote:
| We don't use Vim at work.
| ThrustVectoring wrote:
| It's installed by default on OSX, Ubuntu, and most non-
| windows operating systems.
| yonatan8070 wrote:
| Well it could make your life way easier, I'd recommend
| trying it
| NoZebra120vClip wrote:
| Like I said, we don't use Vim at work.
| maest wrote:
| If you did, it could help you with this exact problem.
|
| It's installed by default on many operating systems (and
| easy to get hold of, otherwise)
| NoZebra120vClip wrote:
| [flagged]
| tedunangst wrote:
| Mastodon does this because they made a 500 character limit, but
| then you'd blow your whole budget on one link, so they made links
| not count, but then you need to shorten it somehow so it looks
| pretty because they don't support markdown or other means of
| posting links.
| krono wrote:
| The truncated part exists in the markup, it's simply being hidden
| with the help of some CSS.
|
| This same method is also used to trick people into executing
| nefarious shell commands of which an example can be seen here
| https://thejh.net/misc/website-terminal-copy-paste
| housemusicfan wrote:
| Allowing JavaScript to modify the clipboard contents is cancerous
| behavior and the developers that enabled this functionality
| should have their heads examined.
|
| Not once have I seen this function used in a non-abusive manner.
| More often then not it's either used to inject advertisements or
| copyright notices in the content copied to the clipboard.
|
| When you issue a copy command, what should appear on the
| clipboard is EXACTLY what is selected. I wish browser makers
| would stop adding useless new features and get down to brass
| tacks. It's 2023 and sites can still detect incognito mode which
| defeats the purpose.
| pests wrote:
| You've never seen the little "copy" button next to important
| information on websites? That is a non-abusive implementation.
| poniko wrote:
| In pixlr we copy and paste bitmap data and layers etc .. a
| feature that most users love .. and are pissed by the browsers
| that don't enable it. The problem is more about how the rights
| to access features is managed in browsers, it needs a total
| rewrite.
| antoniojtorres wrote:
| I was thinking about this the other day in relation to how iOS
| shows you this obtrusive confirmation dialogue if you're
| pasting in or out of certain apps like firefox. At first I was
| wondering if it was another one of their not so subtle anti-
| competitive moves, and then I read that the initial need for
| this was apps swiping information from user's clipboard and
| other types of abuses like that.
|
| It baffles me why that was ever made accessible to apps or
| programs.
| jjcm wrote:
| > When you issue a copy command, what should appear on the
| clipboard is EXACTLY what is selected.
|
| I disagree. There are plenty of situations where you would want
| to copy something that isn't the direct object you're
| selecting.
|
| Some simple examples:
|
| 1. Copying an object that uses a non-human readable format for
| an underlying data structure. If I'm pasting this into another
| application, I likely don't want to paste the bytecode or a
| JSON representation, but rather a text-readable representation
| or an image representation of that object.
|
| 2. Copying latex syntax when selecting mathematical equations
| rather than copying a SVG.
|
| 3. Copying or omitting rich text decorators (i.e. markdown
| decorators)
|
| 4. Copying an email address rather than a human-readable name
| if selecting a user-pill in an email "to" field.
|
| The API isn't the issue. There are a ton of situations where
| using it improves the user experience. It's growth-marketing
| tactics that are the issue.
| hfkwer wrote:
| Why such hyperbole? Cancerous? Heads examined? That's
| ridiculous. Wikipedia allows you to copy math expressions as
| MathML rather than a rendered SVG. Is that "cancerous
| behavior"?!
| housemusicfan wrote:
| I'm sure grenade launchers are great for hunting deer and
| other game but there's a reason they don't allow just anyone
| to buy one, despite there being an occasional positive use
| case.
| 8note wrote:
| I don't really understand what response is here.
|
| Like still, how is cancer a relevant metaphor? What's the
| cancerous cell that is avoiding typical cell death and
| reproducing unexpectedly? How is it taking resources from
| the group of cells that would usually use them?
| blendergeek wrote:
| Grenade launchers would actually be a very poor tool for
| hunting deer.
|
| Most deer hunters are looking to either take home a trophy
| or meat (or both). The use of a grenade to kill the deer
| would lead to the destruction of both meat and trophy.
|
| While some hunters are hunting for sport and may enjoy the
| challenge over the trophy or the meat, these tend select an
| _underpowered_ weapon (such as a bow and arrow) rather than
| an overpowered weapon (such as a grenade).
| guerrilla wrote:
| Okay fine, that's a good use, but I still wish it wasn't even
| possible.
| kevin_thibedeau wrote:
| Middle click paste to the rescue. Just have to combat sites that
| prevent text selection.
| lapcat wrote:
| The author's use case can be handled with CSS instead of
| JavaScript:
|
| overflow: hidden; white-space: nowrap; text-overflow: ellipsis;
| proto_lambda wrote:
| That's exactly how it _is_ handled, I don 't know where they
| got the idea that it's done by JS.
| moonlighter wrote:
| Another nuisance which really gets on my nerves is when sites
| specifically _prevent_ me from pasting, typically fields where
| you need to put a bank account or routing number. Copy and
| pasting that info is WAY more accurate and error-proof than
| glancing at one screen and re-typing it in another. I then
| temporarily disable Javascript in the developer menu and re-
| enabled it afterwards, but that still sometimes causes issues
| down the line, as now the site "thinks" there isn't a value in
| the field because they didn't notice any typing events, etc..
| the_pwner224 wrote:
| It's easier to ctrl-shift-c to pick the element in the
| inspector, then paste into the value="" HTML in the developer
| tools.
|
| Also useful on treasurydirect.gov which has a ridiculous
| password entry field. They make an on-screen "keyboard" with a
| bunch of JS buttons, you have to click those buttons to enter
| your password. You can't type into the password field or paste
| into it.
| vezycash wrote:
| >It's easier to ctrl-shift-c to pick the element in the
| inspector, then paste into the value="" HTML in the developer
| tools.
|
| I use "Happy Right-Click" firefox addon for this. Just click
| the addon icon located on the address bar and voila.
| xingped wrote:
| When I saw that treasury login form with the onscreen
| keyboard you had to click, I was absolutely flabbergasted.
| Thankfully they've now done away with it.
| floydnoel wrote:
| usually it isn't necessary to disable all JS, but right-click
| and inspect will show the text input has an attribute like
| `onPaste="() => return false"` which can just be changed to
| true instead. or just remove the attribute. I'm on my phone
| so the syntax may be slightly wrong but that's the gist.
| LelouBil wrote:
| In France a lot of bank websites have this on screen
| keyboard.
|
| I assumed it's against keyloggers.
| jtokoph wrote:
| While I don't agree with the implementation, I think this is
| usually done on forms that ask you to confirm the value a
| second time. The goal is not to prevent you from pasting from
| an accurate source; instead they are trying to prevent users
| from copying an incorrectly manually typed value from one field
| to the other. The end result just also blocks our use case...
| afiori wrote:
| sometimes websites forget to disable selection dragging, so
| you can paste in the first field and drag to the second
| field.
| janmarsal wrote:
| I guess mosquitoes provide food for the birds...
| matheusmoreira wrote:
| "Can sometimes be good" is not enough to override the numberless
| sites who abuse it to send me a scathing message about how I'm
| not supposed to copy paste their copyrighted content as if I
| cared.
| jenadine wrote:
| I'm really annoyed by some of these new webapp running in the
| browser and highjacking the clipboard do that the X11 selection
| clipboard (select & middle click) no longer work as expected on
| these.
| unlog wrote:
| This particular case doesn't use JavaScript at all. It is just
| CSS cropping the full URL in a way that when you select and copy
| it, copies text that it is hidden.
|
| edit to add an example:
| data:text/html,<div>123<b style="font-size:0">456</b>789</div>
| its-summertime wrote:
| Its not implemented in javascript. <a
| href="URL"> <span class="invisible">https://</span>
| <span class="ellipsis">example.com/</span> <span
| class="invisible">the/rest/of/the/url</span> </a>
|
| With semi-obvious CSS rules
___________________________________________________________________
(page generated 2023-06-18 23:02 UTC)